ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Permission denied on selected filed
RSN


Joined: 15 Sep 2008
Posts: 3
Reply with quote
I'm running Clamwin engine version 0.94 (upgraded this past week) on a Dell Vostro 1400 laptop running Windows XP Home Edition version 5.1 SP2.

In addition to limited daily scans I run a more complete scan each weekend. During this weekend's scan Clamwin was denied permission on several files. Below is portion of the Clamwin report that lists the files denied access. Should I be concerned about the contents of any of these files? Thank you.

Scan Started Sat Sep 13 18:30:00 2008
-------------------------------------------------------------------------------
<snip>
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS\system32\config\DEFAULT: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\SOFTWARE: Permission denied
C:\WINDOWS\system32\config\SYSTEM: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 419742
Engine version: 0.94
Scanned directories: 7024
Scanned files: 93040
Infected files: 4
Not copied: 4
Data scanned: 36693.29 MB
Time: 6962.109 sec (116 m 2 s)
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 3608
Location: USA
Reply with quote
You normally don't have to worry about files that can't be opened by ClamWin. They are usually files that are in use by the system or perhaps a file that you are running at the same time as the scan. The two I see most frequently on my XP machine are hiberfil.sys and pagefil.sys.

The files you show do not look like valid windows system files to me--they are generic names, and one of them is a temp file--that is unusual. Try a scan in Windows Safe Mode, and also try a scan with another AV if you can. Get back to us here with the results.

Regards,
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 891
Location: Italy
Reply with quote
please refer to this post:
http://forums.clamwin.com/viewtopic.php?t=1959 http://forums.clamwin.com/viewtopic.php?t=1959
View user's profileSend private message
RSN


Joined: 15 Sep 2008
Posts: 3
Reply with quote
GuitarBob, Sherpya: Thanks for your replies. Sherpya's reply referencing topic 1959 (that Clamwin's upgrade now reports access denials) explains most if not all of the worrisome permission denials that I received. I also did some more digging on the tmp.edb file and found the following reference:
----------------
This system *.edb file can usually be deleted after a reboot:

C:\WINDOWS\system32\CatRoot2\tmp.edb

These system *.edb files can be deleted only after your system settles in from after rebooting, or after a time from a visit to the Microsoft Update Website:

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Source: http://www.neowin.net/forum/index.php?showtopic=316422
-----------------
So maybe this file appeared because I started to upgrade XP last week which presumably invoked a visit to the Microsoft Update Website? If I learn anything more I'll pass it along. My current thinking is that the permission denials were harmless.

Thanks to both of you.
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 891
Location: Italy
Reply with quote
they are files used by windows update service,
if you stop it you are able to access and also delete those files
(net stop wuauserv)

sometimes is used to remove software distribution directories when a user encounters problems with windows update
the next update will recreate the directory but you'll lose update history

perhaps I'll add those files in the post
View user's profileSend private message
RSN


Joined: 15 Sep 2008
Posts: 3
Reply with quote
Sherpya:

Great. Thanks for confirming.
View user's profileSend private message
Pagefile.sys
Rflores


Joined: 13 Oct 2008
Posts: 1
Location: Fort Mac
Reply with quote
I do get that error Access Denied on Pagefile.sys and when I get that error, scanning stops and doesn't continue.
View user's profileSend private message
ClamWin is a Virus
awprran


Joined: 21 Jul 2009
Posts: 2
Location: Cochrane, Alberta Canada
Reply with quote
I ran your antivirus the first time with no problems. THe next morning I awoke and there was a popup stating Windows Vista Home Premium had blocked Clamwin as it was a virus.

Now isn't that interesting?

What should I do?

Tony Question
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 3608
Location: USA
Reply with quote
That's a strange message! Are you using another antivirus in addition to ClamWin? I didn't know Vista did stuff like that, as it's not an antivirus in itself. Was ClamWin updating during the time you got the message? Is the ClamWin icon in the system tray? Can you right click on the icon and access any functions? See if you can open it and do a scan of the Windows directory. Before doing that, however, set the infected file General preference to Report Only. Please get back here with results.

ClamWin doesn't have a resident scanner--it only scans "on demand" when you tell it to scan and what to scan, although you can set up scans according to an automatic schedule. If you use the web a lot, you should have an antivirus with a resident scanner (Avast and AntiVir and a couple of others have free versions available) and use ClamWin as a backup scanner. Since ClamWin isn't resident, it should not conflict with a resident scanner (never use more than one resident scanner).

Regards,
View user's profileSend private message
No other anti-virus programs running
awprran


Joined: 21 Jul 2009
Posts: 2
Location: Cochrane, Alberta Canada
Reply with quote
First, I am fully aware of the potential hazards of having more than one anti-virus program loaded. I have 44+ years in comptuers so that was my first priority to unload the old stuff; AVG. I rebooted the notebook and then installed ClamWin. I had set a scheduled task for running at 2 AM, this is where the error came from.
View user's profileSend private message
Permission denied on selected filed
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic